Malicious
MsproviderHostperfNet.exe
PE Executable
MD5: ac4d82f073cbd9d856d240f227cb9080
Size: 1.92 MB
application/x-dosexec
Ctrl + scroll to zoom · drag to pan
Get an AI-generated breakdown of this malware's behaviour, IOCs and recommendations.
AI analysis is available with Essential.
Unlock with Essential
Symbol Obfuscation Score
Very high
| MD5 | ac4d82f073cbd9d856d240f227cb9080 |
| Sha1 | 67ea451a5974562aa78119a61c482d8302f66b0e |
| Sha256 | c4952e123128e1ed3e24727fcd835d02a993858d36712d27ef5629db88d428d1 |
| Sha384 | 93a8b51c03d6784146069227b7bd6e0639cd3619f8aec20c0c179e3641c8608992f6e6014e3b8baa35eac96800fdd722 |
| Sha512 | 68842c9db6f3589b98d32c976d31b0ea5aca259baa91fa45487acd38eb631862b3c410978932beea3f092db60a5f9687f8b3031aee5a461030a23046f9e69db8 |
| SSDeep | 24576:zylaBiQO1297+EGcuj24VN6kCriQrl4T/zYw1/eIyY/q7jvurJbtBjbvwTqO9UJ0:znBK1Ncw+nhpY/aurJ5drwTt90 |
| TLSH | CA95AE1665924E32C3A467758597213D82B0D7763E52FB0B371F6093AD0BBF18F622B2 |
PeID
.NET executableMicrosoft Visual C# / Basic .NETMicrosoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL Microsoft Visual C# v7.0 / Basic .NETMicrosoft Visual Studio .NET
| Name | Value |
|---|---|
| Info | PE Detect: PeReader OK (file layout) |
| Module Name | pxqDsBPmp0nY |
| Full Name | pxqDsBPmp0nY |
| EntryPoint | System.Void dOTodySwoeknhTLV5Kp.hJvDk2SkJkfL9n2nN2e::s2xScOIAnu() |
| Scope Name | pxqDsBPmp0nY |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | SGxDUr5uRrbW2X9YcTIdUkMi5E |
| Assembly Version | 4.1.5.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | .NETFramework,Version=v4.0 |
| Total Strings | 47 |
| Main Method | System.Void dOTodySwoeknhTLV5Kp.hJvDk2SkJkfL9n2nN2e::s2xScOIAnu() |
| Main IL Instruction Count | 44 |
| Main IL | |
| Module Name | pxqDsBPmp0nY |
| Full Name | pxqDsBPmp0nY |
| EntryPoint | System.Void dOTodySwoeknhTLV5Kp.hJvDk2SkJkfL9n2nN2e::s2xScOIAnu() |
| Scope Name | pxqDsBPmp0nY |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | SGxDUr5uRrbW2X9YcTIdUkMi5E |
| Assembly Version | 4.1.5.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | .NETFramework,Version=v4.0 |
| Total Strings | 47 |
| Main Method | System.Void dOTodySwoeknhTLV5Kp.hJvDk2SkJkfL9n2nN2e::s2xScOIAnu() |
| Main IL Instruction Count | 44 |
| Main IL | |
No malware configuration was found at this point.
You must be signed in to view YARA rules.